
Sub7

All,

I have been perusing the sub7 website and had a few questions....

In order to infect someone with the "server.exe" file, it pretty much means that one has to have pretty much no AV at all, right?

Also, they have a list of start-up options for the malicious file including registry entries and keyname entries, but also a "less known" method and an "unknown" method... they didn't discuss what those methods were, for reasons they considered obvious (and I guess they are): if they told you publicly what they were then they could be easily defeated... my question is: does anyone have any idea what these secretive methods are? And are there really any other ways to protect against it, maybe besides AV?

I killed your cat you druggy b****, I thought it would bring closure to our relationship. --Rocco, Boondock Saints
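The post above asks about registry start-up entries and how to protect against them beyond AV. One defensive step is simply to know what is registered to start at logon. The script below is an added example written for this thread, not something from the Sub7 site or from any poster: it lists the contents of the well-known Run/RunOnce keys and the Winlogon Shell/Userinit values so they can be reviewed by hand. It assumes Windows PowerShell 3.0 or later; the function name Get-AutorunEntry is my own.

```powershell
# Added example, not from the thread: audit the well-known autostart registry
# locations on a Windows box and list every program registered there.
function Get-AutorunEntry {
    [CmdletBinding()]
    param()

    # Keys whose value data is a command line launched at logon.
    $runKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
    )
    foreach ($key in $runKeys) {
        if (-not (Test-Path -LiteralPath $key)) { continue }
        # Get-ItemProperty returns a PSObject; skip PowerShell's own PS* metadata members.
        (Get-ItemProperty -LiteralPath $key).PSObject.Properties |
            Where-Object { $_.Name -notmatch '^PS(Path|ParentPath|ChildName|Drive|Provider)$' } |
            ForEach-Object {
                [PSCustomObject]@{ Location = $key; Name = $_.Name; Command = $_.Value }
            }
    }

    # Winlogon values that normally hold fixed system defaults; anything
    # appended to them is worth a closer look.
    $winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
    if (Test-Path -LiteralPath $winlogon) {
        $wl = Get-ItemProperty -LiteralPath $winlogon
        foreach ($name in 'Shell', 'Userinit') {
            [PSCustomObject]@{ Location = $winlogon; Name = $name; Command = $wl.$name }
        }
    }
}

Get-AutorunEntry | Format-Table -AutoSize -Wrap
```

On a stock install the Winlogon Shell value is explorer.exe and Userinit points at userinit.exe under System32; extra commands chained onto either value, or Run entries pointing at unfamiliar paths, are the things to chase up. Running the audit once on a clean box and diffing later output against it makes new entries obvious.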

To be honest with you mate - I wouldn't bother with Sub7 nowadays. Every single AV will pick it up straight away - every firewall will block it. Plus there are that many "dodgy" versions floating around - you will just end up infecting yourself when you download it.

Sub-7 is very old hat and should be detected by a whole range of malware detectors? At least the "business end" should be?

What is interesting here (and perhaps what they are really discussing) is how to launch it (or any similar malware)?

They mention the normal/traditional methods I take it? A couple of others would be with malware injected into the nodes and spaces of an infected executable, and what I seem to recall are called "datastreams"... sort of stuff hidden in the background of NTFS?

Those could well avoid detection by conventional detectors.

I agree with Nokia in that the actual back door will be detected, but what about the launch mechanism?

I also agree that it can be a useful tool when used for legitimate purposes... I have used virus software to distribute application updates before now... because the "toads" would not give me the resource or budget to do it in a respectable manner.

I would suggest that you stick to Sub-7 though, as it is so old hat it will not get you into trouble?

Get two networked boxes that are not anywhere near an Internet connection, install the server on one and the client on the other - now play around with the different settings and methods of installation - and learn to your heart's content.

You could even introduce different AVs and firewalls to see how they handle it and to try and find a way around them if you really wish to.

Some of the settings won't work, such as notification via E-mail/ICQ etc., as obviously there is no internet connection, but the vast majority of its functionality will still be there.

But when you have finished and go to put the boxes back online - I would advise a bloody good format first!!

Enjoy!

Be aware though that most versions have another backdoor coded into them - to install it on your machine without you noticing. Couple this with the fact you will need to disable your AV and firewall - or at least configure them to ignore Sub7 - and you could have a dangerous backdoor installed! Sub7 may be old but it can still do a lot of damage!
Be very selective where you download it from!

Yeah, Nokia, when I get my motherboard fixed I want to install Server 2003 on it and try to play with that cause I do want to be a sec mgr... I don't really want to play Sub7, I was just wondering kinda how that worked cause I didn't see much of an explanation on their site... thanks all... Eric

I killed your cat you druggy b****, I thought it would bring closure to our relationship. --Rocco, Boondock Saints

and what I seem to recall are called "datastreams"...........sort of stuff hidden in the background of NTFS?

I have seen this in action. It's called Alternate Data Stream or ADS; a small number of malware use it, so far I have only bumped into 2 of them. It's a pain in the arse to detect/notice, unless you know what to look for. Anyway, I don't think I can properly explain how this works but I can give you this link as a reference.
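Since the post above says ADS is hard to notice "unless you know what to look for", here is what looking for it amounts to. This is an added example for the thread, not code from any poster or from the reference link: a function that walks a directory tree and reports every NTFS stream other than a file's default unnamed :$DATA stream, built on the -Stream parameter that Get-Item has had since Windows PowerShell 3.0. The function name Find-AlternateDataStream and the lab fixture under %TEMP% are my own constructions.

```powershell
# Added example, not from the thread: enumerate NTFS alternate data streams
# under a directory and report every stream other than the default ':$DATA'.
function Find-AlternateDataStream {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Path,
        # Zone.Identifier is the benign mark-of-the-web stream that browsers
        # attach to downloads; it is hidden by default so real oddities stand out.
        [switch] $IncludeZoneIdentifier
    )
    Get-ChildItem -LiteralPath $Path -Recurse -File -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            $file = $_
            # -Stream * lists every stream on the file, including the main one.
            Get-Item -LiteralPath $file.FullName -Stream * -ErrorAction SilentlyContinue |
                Where-Object { $_.Stream -ne ':$DATA' } |
                Where-Object { $IncludeZoneIdentifier -or $_.Stream -ne 'Zone.Identifier' } |
                ForEach-Object {
                    [PSCustomObject]@{
                        File   = $file.FullName
                        Stream = $_.Stream
                        Bytes  = $_.Length
                    }
                }
        }
}

# Constructed lab fixture: a throwaway file carrying one extra stream, so the
# scan has something to find. The directory is removed at the end.
$lab = Join-Path $env:TEMP 'ads-lab'
New-Item -ItemType Directory -Path $lab -Force | Out-Null
$sample = Join-Path $lab 'notes.txt'
Set-Content -LiteralPath $sample -Value 'visible content'
Set-Content -LiteralPath $sample -Stream 'hidden' -Value 'content that a plain directory listing does not show'

Find-AlternateDataStream -Path $lab | Format-Table -AutoSize

Remove-Item -LiteralPath $lab -Recurse -Force
```

Against the fixture the scan reports one row for notes.txt with the stream named hidden, while a plain directory listing shows only the file and its main-stream size. On a real volume expect plenty of Zone.Identifier hits (hence the switch) and the occasional stream added by backup or indexing tools; a named stream on an executable, or an executable-sized stream on an innocuous file, is the pattern worth investigating. The same listing is available from cmd.exe with dir /r, but only on Vista and later.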